Wed. 14th September, 2011
It has been discovered that the TYPO3 prepared statement database API allows SQL Injections.
This is a companion discussion topic for the original entry at https://typo3.org/article/potential-sql-injection-vulnerability-in-typo3-core/